Service Level Agreements (SLAs) keep both our projects and whitehats accountable to proper response times and expectations of resolution.
When you were onboarded with Immunefi, you may have received a document going over the expectations of having a bug bounty program with us, which includes expected response times, as well as expectations for rewarding and communicating with whitehats.
We expect projects to follow the agreed upon documents for the benefit of all involved.
Note: Whitehats generally provide information within 24 hours from inquiry, as they are incentivized to get bug reports closed right away.
Standard Bug Bounty Program Operation SLA Table
|Severity Level||Report Acknowledged||Resolution on Report||Immunefi 10% fee payment||Total SLA by Severity Level|
|Critical||48 hours||14 days from escalation||7 days from date of Immunefi's request for payment||21 days|
|High||96 hours||21 days|
|Medium||7 days from escalation||14 days|
Please note that resolving a bug report is not defined as fixing the actual bug, as this is not up to Immunefi nor the Whitehat. A bug report is considered resolved when the whitehat is rewarded and Immunefi fee is paid.
If you are not able to resolve a bug report within the expected time frame, you need to communicate this before it goes beyond that time frame.
Whitehats expect projects to reply within these time frames and can request mediation from Immunefi if they don’t receive a response in accordance with these SLAs.